NCP-MCI-7.5 Nutanix Certified Professional - Multicloud Infrastructure (NCP-MCI) 7.5 Question and Answers

Nutanix LCM documentation for the pre-check test_ahv_entering_mm_pinned_vms explains that this check identifies VMs that block the host from entering maintenance mode. Nutanix also notes that during host updates, LCM automatically shuts down running non-migratable VMs before updating the host. In practice, VMs using certain pinned or non-migratable features—such as specific agent, passthrough, or unsupported migration cases—must be powered off if they cannot be moved safely. That makes D the best answer. ( portal.nutanix.com , portal.nutanix.com )

The key is that not every special VM can live-migrate in every environment. Credential Guard migration has CPU-generation limitations, and pinned or specialized VMs can still block maintenance. The safest supported action for the listed blocked VMs is to power them off, let the host enter maintenance mode, and then proceed. So D is the right operational answer.

The uploaded answer key lists B, and that is the safest supported choice among the options because it preserves the cluster’s all-NVMe storage profile rather than introducing mixed media tiers or an all-SSD design that changes the storage architecture. In Nutanix cluster expansion planning, keeping node media type aligned with the existing cluster profile is the normal supported design principle, especially when the existing cluster is already Full-NVMe. Nutanix storage documentation also emphasizes a single storage-pool-per-cluster model and consistent cluster design so that performance and capacity are optimized predictably across the nodes.

The alternative answers introduce obvious design mismatches. Mixed NVMe+HDD or SSD+NVMe nodes would materially change latency and tier behavior, while adding an all-SSD node into a Full-NVMe cluster would also break architectural consistency. Although the exact public expansion-matrix wording was not surfaced in the search results, the answer set itself strongly points to the only media-aligned option: one All NVMe node with 96 TiB RAW capacity. So for an exam-prep answer aligned with Nutanix design logic and the provided key, B is the correct choice.

Nutanix Move documentation states that when migrating VMs from Hyper-V to AOS/AHV, a Nutanix Move agent service is deployed on the Hyper-V host. Nutanix provides dedicated procedures for deploying the Move Agent on Hyper-V, both manually and automatically. That makes D the correct answer.

This is a common migration-tool distinction. Nutanix Move is the migration platform, but the question asks what specifically must be deployed on the Hyper-V host. The answer is not VirtIO drivers or NGT, because those serve different purposes. Nutanix explicitly documents the Move Agent as the source-host component used for Hyper-V migrations. Therefore the authentic exam answer is D. Nutanix Move Agent.

The requirement is straightforward: there is one source site (Site A) and the workload must be replicated to two destination clusters, each with potentially different RPO settings. In Nutanix DR design terminology, that is a one-to-many replication pattern. Nutanix documentation for multisite disaster recovery explains that a single protection policy can include replication schedules to multiple recovery clusters, which is how a source can protect workloads to more than one target with different schedule definitions. That makes D the correct answer.

The other choices describe different topologies. Many-to-One means multiple sources targeting one destination. Many-to-Many is broader bidirectional or multiple-source/multiple-target logic than the question requires. Two-Way-Mirroring is not the correct pattern for one source sending copies outward to two other sites. Nutanix’s protection-policy model is specifically flexible enough to define different replication schedules toward separate destinations, which is why this exact scenario is best labeled One-to-Many. So for an exam-aligned and documentation-consistent answer, D is the right choice.

In Nutanix Elastic VM Storage and shared-storage workflows, the container used across clusters must be created as a Shared storage container. Nutanix documentation for storage container management and container creation in Prism Central explicitly references Creating a Shared Storage Container and Creating a VM with Shared Storage from another HCI Cluster. If the container is not defined as Shared, it will not be eligible for the remote-storage VM placement workflow, so it will not appear as a valid target in the dropdown. ( Nutanix Portal )

The distractors are there to pull attention toward naming and capacity details, but those are not the gating requirement for remote shared-storage presentation. A reservation setting affects capacity planning, not whether the container is exposed as a remote shared-storage option. Hyphens in names and the specific length shown are not the documented reason the container would be absent from this workflow. Nutanix treats shared cross-cluster storage as a specific container type and workflow. Therefore, if the remote container is missing during provisioning, the most likely explanation is that the container type was not configured as Shared. ( Nutanix Portal )

Nutanix documents guest customization profiles as reusable operating-system customization definitions that can be applied during VM deployment. This is precisely what makes them the most efficient answer when a Windows VM will be cloned repeatedly and each clone requires OS-level customization such as naming, identity settings, or first-boot configuration. Instead of creating a separate template each time or manually editing each deployed clone, the administrator creates one reusable customization profile and applies it across deployments. That makes C the correct answer.

This is especially important at scale. Manual post-clone configuration is error-prone and time-consuming, while per-deployment templates create management sprawl. Nutanix’s design encourages reusable policy- or profile-based standardization so that repeated deployments remain consistent and secure. For Windows, that typically means Sysprep-oriented OS customization combined with reusable deployment logic. In other words, the question is asking for the most efficient method, and Nutanix’s documented answer to repeatable OS customization is the guest customization profile. Therefore C is the authentic choice.

Nutanix’s NCC ec_enablement_check identifies containers where erasure coding could save space, but administrators still need to apply judgment based on workload behavior. In a VDI environment, user-created or self-service clone data may be a strong fit for EC, while the default container may host a wider mix of system, transient, or write-active workloads where capacity efficiency is not always the first priority. Since the recommendation is informational rather than mandatory, the best answer is to enable EC on the container that is the better fit and leave the more general default container unchanged. That makes D the most balanced answer.

This question is testing operational discretion. “Enable EC everywhere NCC mentions” is too simplistic. Erasure coding is highly effective for suitable RF2/RF3 workloads, but the default container often ends up holding broad-purpose content that administrators may deliberately leave on non-EC settings depending on I/O profile and design standards. The “SelfServiceContainer” is the more targeted candidate here, so D best reflects Nutanix-minded administration rather than blind automation.

Nutanix documentation for Prism Central deployment states that single Prism Central VM deployments are supported in Small, Large, or X-Large sizes, and that a single-VM deployment can later be scaled out. Since X-Small is not the supported minimum deployment size in this documented model, the minimum supported size is Small. That makes A correct.

This question is really checking whether the administrator understands the starting point for a scale-out-capable Prism Central design. The existence of larger sizes does not change the minimum supported entry point. Nutanix’s documentation is explicit that a single Prism Central VM can begin at Small and later be expanded if more scale or resiliency is needed. Therefore, for a single-node Prism Central deployment with future scale-out potential, the correct answer is Small.

Nutanix documentation for multisite disaster recovery states that a protection policy can include multiple replication schedules across up to three different recovery clusters, and Nutanix also documents the ability to configure multisite replication schedules for up to three recovery clusters with different schedules. That means a source site can protect workloads to multiple destinations without requiring separate, duplicated protection policies for each site. Given the options, the most efficient approach is therefore one protection policy from the source cluster covering all three sites, which is option D.

The answer choices that create multiple separate protection policies are less efficient and introduce avoidable administrative duplication. Cloning policies across sites also misses the point of Nutanix’s native multisite capability. Even though the sites are managed by different Prism Central instances, Nutanix documents DR support between clusters registered to different Prism Central instances as well. So the most scalable and documentation-aligned answer is D.

Nutanix Self-Service and NCM documentation explains that approval policies are built around defined conditions and approvers, and those policies are part of the broader Policy Engine capability. Nutanix further documents that the Policy Engine is included in NCM and provides the governance framework for conditions-based approvals before deployment actions proceed. Since the question asks specifically about defining conditions and approvers that must be satisfied before deployment, the correct enabling component is Policy Engine.

Marketplace can host deployable items, but it does not by itself provide the approval-governance mechanism being asked about. Nutanix Central and Power Monitor are unrelated to approval workflows. The wording in the question almost mirrors Nutanix’s own approval-policy description, which is why the intended answer is clear. To enforce conditional approvals before provisioning or deployment actions, administrators use Policy Engine. Therefore A is the authentic answer.

For CHAP-protected volume groups, Nutanix documentation is explicit that when the target password is changed, the administrator must also update the associated recovery plan. Nutanix states that if the new target password is not updated in the recovery plan, it is not retained after failover. That makes the recovery plan the place where the failover-side credential continuity is preserved. In other words, protection policies create and replicate recovery points, but the recovery plan contains the information needed for the recovered application workflow, including CHAP details needed after recovery. ( Nutanix Portal )

This is an important exam distinction: protection policy controls snapshot and replication behavior, while recovery plan controls recovery orchestration and the settings needed when workloads are actually brought online at the target site. Recovery points themselves are snapshots of protected entities; they are not the administrative mechanism Nutanix documents for persisting an updated CHAP target password through failover. So even though the uploaded file says option D, the official Nutanix guidance supports A. For failover success with CHAP-enabled VGs, always synchronize password changes with the recovery plan. ( Nutanix Portal )

The wording “security drift” points to SCMA rather than AIDE. In Nutanix security hardening guidance, SCMA scheduling is the control that determines how often SCMA runs, with schedule options such as hourly, daily, weekly, and monthly. That makes the SCMA schedule the setting that changes the cadence of security drift checking without changing the underlying controls themselves. ( Nutanix Portal )

AIDE is a file-integrity mechanism and has its own role, but the question is specifically asking about how often the platform checks for drift in a broader security-configuration sense. Changing the list of entities inspected or baseline enforcement behavior would alter scope or enforcement semantics, not merely frequency. The most direct administrative answer is to change the schedule for SCMA. From an exam perspective, Nutanix often separates what runs, how it is enforced, and when it runs into different settings. Here the requirement is only about “how often,” so option B is the precise match. ( Nutanix Portal )

Nutanix Flow Network Security provides built-in Quarantine category values, including Strict and Forensic. Nutanix documentation states that Strict blocks all inbound and outbound traffic, while Forensic is specifically intended for situations where you want to quarantine the VM but still allow connectivity for forensic access. The documentation also notes that you can configure the allow behavior for forensic mode, which is exactly what this incident-response scenario requires. Therefore A is the correct answer.

This is a strong example of why built-in categories matter operationally. The organization wants a change that can be applied quickly during an incident and does not require redesigning existing policies. Assigning the VM to the Quarantine: Forensic category accomplishes both goals: it uses an existing system-defined control and preserves investigator access. Strict mode would over-isolate the VM and block the forensic tooling too. Thus the most authentic Nutanix response is A.

Nutanix Prism Central documentation for cluster settings profiles includes support for adding both authenticated and unauthenticated NTP servers. In the AOS 7.0 and later generation, the UI and feature set include the fields required for authenticated NTP, such as Key ID and Key Hex. If those fields are not appearing, the most likely explanation is that the managed environment does not meet the required software version for authenticated NTP support in that settings-profile workflow. That is why AOS 7.0 or later is the correct answer. ( Nutanix )

The other answers do not align with the documented dependency. Microservices Infrastructure is unrelated to whether authenticated NTP fields are exposed. There is no requirement that authentication be configured first in Prism Element before it can exist in the settings profile. Changing authentication algorithm type does not explain why the fields are entirely absent to begin with. The version dependency is the decisive factor. Nutanix often exposes advanced configuration fields only when the target cluster capability supports them, so the lack of Key ID and Key Hex strongly indicates that the cluster software level is below the authenticated-NTP requirement. Therefore D is the best answer. ( Nutanix )

Here the uploaded answer key says D, but current Nutanix documentation says that when a cluster is created, the system automatically creates one storage pool and one storage container. Nutanix also documents built-in containers such as NutanixManagementShare and SelfServiceContainer in later feature contexts, which is likely why older or exam-bank wording can become confusing. However, the direct cluster-creation documentation states one storage pool and one storage container are automatically created at cluster creation time. That means none of the options perfectly reflects the current documentation.

Because your source file’s answer key marks D, I am preserving that exam-bank answer here, but I want to be explicit that official current Nutanix documentation does not match these choices exactly. For a strict real-world Nutanix administration answer, I would state: one storage pool and one storage container are created automatically. For consistency with your question set, the preserved answer remains D, but this is one of the items I would flag for correction in a final polished study guide.

In Prism Central VM efficiency and behavioral-learning views, Nutanix groups inefficient VMs into categories such as over-provisioned, inactive, bully, and constrained. A constrained VM is one that does not have enough resources for its workload and is therefore experiencing pressure. Nutanix documentation ties constrained status to signs such as CPU readiness, memory swapping, or other stress indicators that show the VM is not adequately provisioned for what it is trying to do. That means the best interpretation is that those VMs are lacking sufficient resources, which is option B. ( Nutanix Portal )

This category is different from the other distractors. An inactive VM is mostly idle and not making meaningful use of its assigned resources. An over-provisioned VM is wasting capacity because it was allocated too much. A VM that is merely “consuming too much CPU” could be a bully VM or simply a busy VM, but that alone does not define the constrained classification. Nutanix uses the constrained label to signal a right-sizing opportunity in the direction of adding or adjusting resources, not reclaiming them. Therefore the most accurate answer is B, because constrained VMs are the ones that are short on sufficient resources for their workload behavior. ( Nutanix Portal )

Foundation Central is about deployment centralization, not backup, lifecycle upgrades, or automatic registration workflows as its main value proposition. Nutanix documentation describes Foundation Central as a tool that can manage several Foundation instances from a single pane of glass, allowing administrators to create clusters of remote nodes. That statement maps directly to option D. ( Nutanix Portal )

The subtle point here is that the question mentions Marketplace only as the method used to deploy Foundation Central, not as the capability being tested. Once deployed, Foundation Central’s job is to simplify remote cluster creation at scale. It does not replace LCM for software upgrades, nor is its primary role to perform backup and recovery of cluster configurations. Automatic cluster registration may happen as part of broader operational workflows, but it is not the core capability Nutanix emphasizes in the product description. In the context of imaging and deploying many branch-office clusters from a central team, the defining capability is centralized cluster creation and management visibility. That is why D is the right answer. ( Nutanix Portal )

Nutanix security guidance is explicit on this point. After adding an SSH public key and verifying connectivity, Nutanix recommends disabling password authentication for all CVMs and AHV hosts to reduce interactive access risk. The Security Guide notes that after the SSH key inclusion and connectivity validation are complete, password authentication should be disabled as the next hardening step. That makes B the correct answer.

This is a straightforward hardening sequence question. The administrator has already completed the prerequisite—public-key access is working—so the next step is to remove the weaker interactive method. Core dumps, login banners, and UI session settings do not address SSH authentication exposure. Nutanix’s security model favors moving from password-based remote shell access to key-based access only. Therefore B is the authentic and recommended next step.

For AHV, when enabling LACP, Nutanix documentation specifies the Active-Active bond type, also described as balance-tcp. Nutanix explicitly ties LACP and link aggregation behavior to the Active-Active configuration and notes that this configuration sets LACP fallback to Active-Backup on AHV hosts. That makes C the correct bond type for an LACP-enabled design. ( Nutanix Portal )

It is also important to understand why Active-Active with MAC Pinning is wrong here. Nutanix documentation states that the MAC-pinning / balance-slb style must not be used with link aggregation protocols such as LACP. So even though both options sound like they distribute traffic, only one is compatible with LACP. Active-Backup provides redundancy, but not the LACP behavior being requested. “No Uplink Bond” obviously does not meet the requirement. Even without the missing exhibit from the uploaded file, the Nutanix networking documentation makes the intended answer clear: Active-Active is the bond type used when enabling LACP on AHV. ( Nutanix Portal )

The key requirement here is that the playbook must fire based on a pattern of alert characteristics, not on one fixed alert policy name or ID. Nutanix Intelligent Operations documentation provides a trigger type specifically for this purpose: Alerts Matching Criteria. That trigger lets administrators filter alerts using criteria such as severity, type, title patterns, and similar attributes, which is exactly what is needed when policy identifiers vary across environments but the response logic should stay consistent. It avoids binding the playbook to one alert definition and instead binds it to the alert behavior that matters operationally. ( Nutanix )

A single Alert trigger would be too brittle because it ties the automation to one named alert policy. A Webhook trigger would move the matching logic outside Prism and add unnecessary external dependency when the requirement can already be met natively. An Event trigger is also too broad or mismatched because the question is explicitly about filtering alerts by performance-related characteristics. Nutanix created “Alerts Matching Criteria” to handle precisely this kind of cross-environment, pattern-based automation. Therefore, A is the best answer because it gives the administrator scalable, environment-agnostic remediation logic while still excluding unrelated alerts through filters. ( Nutanix )

Nutanix’s recommended migration tool for moving VMs into AHV is Nutanix Move. Official Nutanix guidance and migration material specifically recommend Move as the preferred mechanism for migrating VMs to AHV, especially when the goal is to reduce disruption compared with coarse methods like backup-and-restore. Move is purpose-built for this scenario and supports migration workflows from platforms such as VMware into Nutanix AHV with minimized downtime during cutover. ( Nutanix )

The distractors highlight common confusion between the overall product and helper components. Move Agent may be involved in certain source-platform workflows, but the question asks what should be used to minimize downtime at the solution level. The correct answer is the migration platform itself: Nutanix Move. Backup and restore is usually more disruptive and manual. CCLM is unrelated here. Nutanix positioning is very clear that the standard, supported, low-downtime migration path from a third-party virtual environment to AHV is Move, so D is correct. ( Nutanix )

Nutanix documentation for Prism Central point-in-time backups states that the Recovery Point Objective (RPO) can be configured in values ranging from 1 hour to 24 hours. Since the question asks for the RPO time in hours for Prism Central backups, the expected exam answer is the maximum supported interval of 24 hours, which corresponds to option A.

This is not asking how long recovery takes or how long restore points are retained. Nutanix documents those separately. The RPO defines how often recovery points can be taken, and Prism Central’s backup framework allows choices up to a 24-hour interval. That is why values like 36, 48, or 72 hours are not supported answers in the documented PC backup workflow. So for an authentic Nutanix-aligned study sheet, A. 24 is correct.

Nutanix DR documentation for test failover states that recovered test VMs are brought up in a test virtual network at the recovery AZ, separate from production. Nutanix also documents that when multiple recovery directions or multiple recovery AZs are involved, recovery planning should be created per target direction and the required production and test network mappings need to exist for the recovery plan being tested. If recovery must be tested in both directions between the two clusters, each side effectively needs a production network and a test network. That makes two production networks and two test networks the most complete and correct answer.

This question is really about symmetry. One-direction failover testing can be done with a simpler mapping set, but the moment the requirement says test recovery in both directions, each cluster must be able to act as a recovery site and provide an isolated test-recovery network. That is why a single shared test network is not the best answer here. Nutanix’s recovery-plan structure and test-failover guidance support this interpretation. Therefore C is the correct and most practical answer.

When Prism Central is scaled out for resiliency, the design goal is not only to have multiple Prism Central VMs, but also to ensure they are not placed together in a way that creates a common point of failure. Nutanix documentation around anti-affinity policies explains that VM-VM anti-affinity is used to keep selected VMs from running on the same host. In a scaled-out Prism Central deployment, this placement separation is the logical next step to strengthen resiliency, because it prevents the Prism Central instances from collapsing onto the same physical host and failing together during a node outage. ( Nutanix )

The other options are either unrelated or not the primary required follow-up. Witness Service is associated with Metro Availability and DR designs, not with the baseline requirement of distributing Prism Central VMs after scale-out. Protection Domain protection may be useful in some cases, but it does not solve co-location risk. HA reservations on the hosting Prism Element cluster address restart capacity, not placement diversity. The most direct resiliency improvement after scaling out Prism Central is to enforce separation between the Prism Central VMs. That is why D is the best answer. ( Nutanix )

Here the uploaded answer key says D, but official Nutanix documentation supports B. Nutanix documents that for enhanced security of ROBO environments (typically 1- or 2-node clusters), administrators should select Native KMS (remote) for software-based encryption. Nutanix also states in KMS considerations that software encryption using Native KMS is supported for ROBO deployments using the Native KMS (remote) KMS type. Because the question explicitly describes a 2-node ROBO cluster and requires the keys to be stored outside the cluster, the Nutanix-authentic answer is B. Native KMS (remote).

An external KMS is valid in many enterprise encryption designs, but this question is more specific: it asks for the KMS type Nutanix supports and recommends for software encryption on a ROBO cluster. On that narrow requirement, the official docs point to Native KMS (remote) rather than External KMS. So for an authentic study guide aligned to Nutanix documentation, B is the correct answer.

Nutanix documentation for Protection Policies supports protecting entities by category, which is the most scalable and administratively efficient method when many current and future VMs share the same RPO requirement. By assigning the marketing VMs to a category and then associating that category with the policy, the administrator avoids one-by-one maintenance and also ensures new VMs can inherit protection simply by category assignment. ( Nutanix Portal )

This is exactly the kind of pattern Nutanix encourages across Prism Central: use categories for dynamic grouping and policy application. Adding each VM individually works, but it is not the easiest or most maintainable approach for a large VM set. Templates are not the unit used here for attaching data protection to running workloads. A category-based protection model gives consistency, scale, and easier future operations, particularly when teams like Marketing may continuously create or receive new VMs. Since the question asks for the easiest way, the category-based workflow in option A is the cleanest answer and aligns directly with official Nutanix policy design. ( Nutanix Portal )

Nutanix documentation for service accounts states that authentication is done using a shared secret key generated and managed through IAM. The same service-account framework is designed so the account can perform actions according to assigned privileges rather than inheriting unrestricted administrator rights. In practical terms, that means a service account is meant for automation, API use, and non-interactive authentication, while still being controlled through the RBAC model. That matches D exactly.

The incorrect options reflect common misunderstandings. A service account does not simply log in with the cluster admin password, and it does not automatically inherit full administrator privileges. It is not an external-KMS construct, and certificate-based auth is not how Nutanix documents this service-account mechanism. The exam clue is the phrase “without an interactive user password” combined with “granular permissions.” Nutanix’s answer to that requirement is a service account authenticated by an IAM-managed shared secret with assignable permissions. Therefore D is the authentic Nutanix answer.

Nutanix AHV documentation for Windows Defender Credential Guard support states that the VM must be configured with UEFI and Secure Boot enabled, and Nutanix security guidance for vTPM explains that vTPM is used to protect Windows credentials and is part of the trusted platform features required by modern Windows security functions. Together, these requirements map directly to option D: enable UEFI firmware, enable Secure Boot, and add a vTPM device.

The other options each contain a flaw. IDE is not the correct secure-boot bus choice in these workflows, legacy BIOS does not satisfy the modern secure boot requirement, and “Generation 2 firmware” is Hyper-V-oriented wording rather than the standard AHV requirement stated in Nutanix docs. The policy in the question explicitly mentions rootkit resistance and credential isolation, both of which are tied to Secure Boot and TPM-backed trust. Therefore Nutanix’s documented VM configuration that satisfies those requirements is exactly what is described in D.

Here the uploaded answer key says B, but Nutanix documentation recommends at least five stable time sources that have a high degree of accuracy and are reachable over a reliable network. That exact wording appears in Nutanix time synchronization guidance and related KB material. Because the question specifically asks for the minimum number that constitutes a good configuration ensuring a high degree of accuracy, the Nutanix documentation supports 5, which is option C. ( portal.nutanix.com , portal.nutanix.com , portal.nutanix.com )

Three servers is a common generic IT answer, but the Nutanix wording in its own docs is more specific and recommends five. For an NCP-MCI study document meant to stay authentic to Nutanix guidance, C is the correct answer.

Nutanix documentation specifically identifies deduplication as providing the greatest benefit for common data sets, and it explicitly calls out full-clone VDI workloads as one of the strongest matches. In a full-clone desktop environment, many virtual desktops contain highly similar operating-system files, application binaries, and repeated data blocks. Capacity deduplication is designed to eliminate those repeated blocks and therefore reduce the total physical storage consumed by the environment. This is exactly why Nutanix recommends deduplication for such use cases.

The other answers are less targeted. Thin provisioning is useful generally but is not the signature optimization for repeated-content VDI storage. Erasure coding is powerful for write-cold data and capacity efficiency, but it is not the primary answer Nutanix recommends for full-clone VDI patterns. “Post-process map reduce” is not the standard storage-efficiency answer expected in this context. For exam purposes, whenever Nutanix asks about full-clone VDI, the important association is with capacity deduplication, because that feature directly exploits the high block similarity across cloned desktops. Therefore B is the correct and most authentic answer.